Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1)[ ] Responsive to communication(s) filed on .

2a)[ ] This action is FINAL. 2b)[X] This action is non-final.

3)[ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4)[X] Claim(s) 1-20 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5)[ ] Claim(s) is/are allowed.

6)[X] Claim(s) 1-20 is/are rejected.

7)[ ] Claim(s) is/are objected to.

8)[ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9)[X] The specification is objected to by the Examiner.

10)[X] The drawing(s) filed on 06 July 2001 is/are: a)[X] accepted or b)[ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11)[ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12)[X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)[X] All b)[ ] Some * c)[ ] None of:

1.[X] Certified copies of the priority documents have been received.

2.[ ] Certified copies of the priority documents have been received in Application No. .

3.[ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

1. Claims 1-20 have been examined. 

Specification 

2. The abstract of the disclosure is objected to because it exceeds 150 words in
length. Correction is required. See MPEP § 608.01(b).

Claim Objections 

3. Claim 12 is objected to because of the following informalities: change
"smartcard" (3rd line) to "said smartcard" and "receiving device" (3rd line) to "said
receiving device". Claims that are not specifically addressed are objected to by virtue of
their dependencies. Appropriate correction is required.

Claim Rejections - 35 USC § 112

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 10, 12 and 16 are rejected under 35 U.S.C. 112, second paragraph, as
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

a. Regarding claim 10, claim 1 is written such that the method as a whole and the 
comparing step in particular can only be accomplished by the receiving device. 
Therefore, the claim language does not support the added limitation in claim 10. For 
examination purpose, the claim is interpreted as further comprising the steps of
receiving a hash by the sending device from the receiving device and comparing said 
hash received from said receiving device with a hash of said sending device, wherein 
both hashes are calculated by hash algorithms using identification data and said 
common secret. 

b. Regarding claim 12, it recites the limitation "said comparing component of said
sending device" in the 2nd line. There is insufficient antecedent basis for this limitation
in the claim. There is no component in the claim, and it is the receiving device, not the
sending device, that performs the comparing step. The limitation is interpreted as "a
comparing component of said sending device". Claims that are not specifically
addressed are rejected by virtue of their dependencies.

c. Regarding claim 16, it recites the limitation "said client is a portable device". 
There is insufficient antecedent basis for this limitation in the claim. The limitation is 
interpreted as "said sending device is a portable device". 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
7. Claims 1-7, 9, 11, 14-15 and 18-20 are rejected under 35 U.S.C. 102(b) as being
anticipated by Atalla (4,283,599). 

a. Regarding claim 1 which is representative of claims 18-20, Atalla discloses a 
method for authentication of communicating devices having a common secret, said 
method comprising the steps of: 

receiving a hash by a receiving device from a sending device (figures 1A-1B); 

and 

comparing said hash received from said sending device with a hash of said 
receiving device, wherein both hashes are calculated by hash algorithms using a 
random number, which meets the limitation of identification data, and said common 
secret (figures 1A-1B and corresponding sections in specification). 

b. Regarding claim 2, Atalla further discloses that said identification data is 
generated by said sending device (figures 1A-1B). 

c. Regarding claim 3, Atalla further discloses that said identification data is sent 
from said sending device to said receiving device (figures 1A-1B). 

d. Regarding claim 4, Atalla further discloses that said hash algorithms are identical 
(col. 3, lines 36-38). 

e. Regarding claim 5, Atalla further discloses that said common secret comprises a 
PIN (figures 1A-1B). 

f. Regarding claim 6, Atalla further discloses that said common secret comprises a
PIN (figures 1A-1B) which meets the limitation of a password.

g. Claim 7 is rejected on the same basis as claim 1.

h. Regarding claim 9, Atalla further discloses that said random number is generated
by a random number generator which is part of said sending device (fig. 1A). Atalla
does not explicitly disclose that the random number generator is a software component; 
however, software and hardware are logically equivalent. 

i. Regarding claim 11, Atalla further discloses that said comparing step is
accomplished by said receiving device (fig. 1A). 

j. Regarding claim 14, Atalla further discloses that the data connection between the
sending device and the receiving device is an insecure data connection (see Abstract).

k. Regarding claim 15, Atalla further discloses that said sending device and said
receiving device form a client-server architecture (fig. 1B).



Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Atalla as 
applied to claim 7 above, and further in view of Heinz, Sr. (5,812,764). Atalla does not
disclose that the random number is generated by an operating system of said sending 
device. Heinz discloses a random number is generated by an operating system (col. 5, 
lines 41-45). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the Atalla method such that the random number is
generated by an operating system, as taught by Heinz. The motivation for doing so 
would have been to utilize the built-in random-number generating function of the 
operating system. 

10. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Atalla as 
applied to claim 1 above, and further in view of Kaufman et al. (Network Security - 
Private Communication in a Public World). Atalla does not disclose the steps of 
receiving a hash by the sending device from the receiving device and comparing said 
hash received from said receiving device with a hash of said sending device, wherein 
both hashes are calculated by hash algorithms using identification data and said 
common secret. Kaufman discloses an authentication method in which the steps of
receiving a hash and comparing the received hash with a generated hash are
performed at both ends of a communications channel (see p. 107, Section 4.2.1
Authentication). It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the Atalla method such that the steps of receiving a 
hash and comparing the received hash with a generated hash are performed at both 
ends, as taught by Kaufman, to achieve mutual authentication. 

11. Claims 12-13 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Atalla as applied to claim 1 above, and further in view of Aiello et al. (6,496,808).

a. Regarding claim 12, Atalla does not disclose utilizing a smart card such that said
common secret, said hash algorithm and a comparing component of said sending 
device are stored in the smart card and communication between the smart card and the 
receiving device is established via a card reader. Aiello discloses utilizing a smart card 
for authentication purpose, the smart card having a common secret stored in its secure 
memory, a hash algorithm and a comparing component (col. 9, lines 49-54; col. 10, 
lines 4-10 and 42-44). Aiello also discloses that communication between the smart card 
and the receiving device is established via a card reader (figures 1 and 5). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to modify the Atalla method to utilize a smart card such that said common secret, said 
hash algorithm and a comparing component of said sending device are stored in a 
smart card and communication between the smart card and the receiving device is 
established via a card reader, as taught by Aiello. The smart card permits a user to 
conduct remote transactions while using an untrusted computing device (col. 1, lines
53-56). 

b. Regarding claims 13 and 16, Atalla does not disclose that the sending device is
a portable device having the smart card and the smart card reader. Aiello discloses a
portable sending device having the smart card and the smart card reader (col. 3, lines
31-40). It would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the Atalla method such that the sending device is a portable device
having the smart card and the smart card reader, as taught by Aiello. People can carry
portable devices in their pockets and use them at all times to perform financial
transactions (col. 1, lines 38-44). 

12. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Atalla in 
view of Kaufman. Atalla discloses a client-server architecture in which the server 
performs the authentication method of claim 1 (figures 1A-1B). Atalla does not disclose 
that the client authenticates the server. Kaufman discloses a system in which 
authentication is performed at both ends (fig. 3). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the Atalla 
architecture such that the client also performs the authentication, as taught by Kaufman, 
to achieve mutual authentication. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 703-306-5617. 
The examiner can normally be reached on Mon - Fri: 9:00 am - 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 